Important news for owners of Apple iPhone, iPad and iPod touch devices: Over the weekend, Apple announced it was cleaning up its mobile App Store following a large-scale attack by hackers, news service Reuters is reporting. The move follows last week’s discovery that 39 legitimate iOS apps were infected with XcodeGhost, a malware program that gives hackers access to some of your smartphone data, including your device's name and type and network information.
The malware itself seems to have originated in China. XcodeGhost wound up being integrated into otherwise legitimate mobile apps such as WeChat after a number of Chinese developers began using a counterfeit version of Apple’s app creation software. That software then injected malware into a number of Chinese apps that went undetected by Apple’s routine security checks. It was only last week when security experts – and ultimately Apple – discovered the problem.
“We've removed the apps from the App Store that we know have been created with this counterfeit software," an Apple spokesperson explained. "We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
While this particular attack seems to be focused primarily on those in China, the danger of XcodeGhost is widespread and concerning enough for us at Techlicious to recommend a few simple steps to keeping your own Apple smartphone safe.
1. Update any app that's been confirmed to be affected by XcodeGhost and if an update is not available uninstall the app. To check whether an affected app has been updated, go the the Apple App Store on your device, tap the Updates button and look for available updates. If an update is available install it. Lookout has a list of affected apps that the company has verified as being infected as well a those found by other security researchers. Affected apps include LifeSmart, OPlayerHD Lite, WeChat, WinZip, 10000+ Wallpapers, among others (See the full list of English titles below).
2. Change your Apple ID password. If you have an affected app on your phone, change your Apple ID password. And if you use your Apple ID password on any other accounts, change those account passwords.
3. Set your apps to update automatically. To ensure you always have the latest, patched version of your apps, set them to auto update. Enter Settings > App and iTunes Stores and make sure Updates is toggled on under “Automatic Downloads.” If you have a small data plan, you should also take a moment to toggle “Use Cellular Data” to off. That will instruct your phone to update itself only when it’s connected to Wi-Fi, protecting your cell bill from surprise overage charges.
List of Known Affected Apps (English) via Lookout
Updated on 9/22/2015
[Malware image via Shutterstock]